How safe is your home working?
As the UK continues to deal with lockdown rules, many of us are becoming more accustomed to working from home. While this is good news for business, it also means that criminals are seeking more and more ways to tap into the fear surrounding COVID-19 using email phishing scams and other forms of cybercrime.
We want to help you keep your business as safe as possible while working remotely, so we’ve put together some guidance about cybersecurity measures you can implement for yourself and your team while working from home. There will be more guidance coming over the next week, so be sure to sign up for emails so that you don’t miss anything.
Part 1: Preparing for home working
Whilst working from home will not be new to everyone, the ongoing situation means that you may be considering home working on a greater scale, and for a longer period of time. You may have more people working from home than usual, and some of these may not have done it before.
If you need to set up new accounts or accesses so your staff can work from home, you should set strong passwords for user accounts. Please refer to the NCSC guidance for system owners responsible for determining password policy. The NCSC strongly recommend you implement two-factor authentication (2FA) if available.
Working from home can be daunting for people who haven't done it before, especially if it's a sudden decision. There are also practical considerations; staff who are used to sharing an office space will now be remote. Think about the new services that you may need to provide so they can continue to collaborate such as chat rooms, video teleconferencing (VTC) and document sharing. The NCSC guidance on implementing Software as a Service (SaaS) applications can help you choose and roll out a range of popular services. If you are already providing such services, you'll need to plan for a potentially large increase in users.
Here are some general recommendations to support secure home working:
· Remote users may need to use different software (or use familiar applications in a different way) compared to what they do when in the office. You should produce written guides for these features, and test that the software works as described.
· Depending on the experience of your staff (and the applications you provide), you should consider producing a series of 'How do I?' guides. For example, you might produce a 'How to log into and use an online collaboration tool'.
· Staff are more likely to have their devices stolen (or lose them) when they are away from the office or home. Make sure devices encrypt data whilst at rest, which will protect data on the device if it is lost or stolen. Most modern devices have encryption built in, but encryption may still need to be turned on and configured.
· Fortunately, the majority of devices include tools that can be used to remotely lock access to the device, erase the data stored on it, or retrieve a backup of this data. You can use mobile device management software to set up devices with a standard configuration.
· Make sure staff know how to report any problems. This is especially important for security issues (see looking after devices below).
· Your staff might feel more exposed to cyber threats when working outside the office environment, so now is a great time for them to work through the NCSC's Top Tips for Staff e-learning package.